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REMARKS 

Reconsideration of this application in view of the above amendments and the remarks 
below is respectfully requested. No claims are amended, added, or cancelled. Hence, Claims 10, 
11, 14-16 and 33-52 are pending in the application. 

Each issue raised in the Office Action mailed on July 9, 2007 is addressed herein. 

1. ISSUES RELATED TO CITED REFERENCES 
A. 35 U.S.C. 102(b) - BSAIBES 

Claims 10, 11, 33-41 and 45-48 are rejected under 35 U.S.C. 102(b) as allegedly 
anticipated by Bsaibes et al., U.S. Patent No. 5,701,458 (hereafter "Bsaibes"). The 
rejection is respectfully traversed. 

Independent Claim 33 

Claim 33 is directed to a method of comparing access control lists to configure a security 

policy on a network, and recites: 

identifying first sub-entries in a first access control list, wherein the first access control 
list comprises multiple first access control entries, and wherein the first sub- 
entries identified from the first access control list comprise (i) disjoint entries of 
the first entries or (ii) overlapping sections identified from the first entries or (iii) 
non-overlapping sections identified from the first entries; and 

programmatically determining whether the first access control list is functionally 

equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or 
more entries of multiple second access control entries in the second access control 
list. 

According to claim 33, first sub-entries are identified from a first access control list that 
comprises first entries. The identified first sub-entries comprise 1) disjoint entries of the first 
entries, 2) overlapping sections identified from the first entries, or 3) non- overlapping sections 
identified from the first entries. Correspondingly, programmatically determining whether the 
first list and a second access are functionally equivalent in Claim 33 is by determining whether 
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each of the first sub-entries identified from the first list is equivalent to or contained by one or 
more entries of the second list, as recited in Claim 33. 

Bsaibes describes an approach to permitting manipulation of an arbitrary set of access 
control lists in a hierarchical objects structure (see Abstract). According to Bsaibes, the 
hierarchical objects structure may be represented as a tree in FIG. 4A or FIG. 4B. A node in the 
tree may comprise an access control list as illustrated in FIG. 5 through 8. Thus, there may be as 
many access control lists as the number of nodes in the tree. Bsaibes provides a way that an 
action perfoimed at a root node may alter an arbitrary set of access control lists residing at or 
underneath the root node. 

As disclosed, Bsaibes fails to disclose each and every feature of Claim 33. 

1. Bsaibes Fails to Disclose Identifying Sub-entries in a First Access Control 
List in Claim 33. 

Claim 33 positively recites an identifying step. This step is "identifying first sub-entries 
in a first access control list, wherein the first access control list comprises multiple first access 
control entries, and wherein the first sub-entries identified from the first access control list 
comprise (i) disjoint entries of the first entries or (ii) overlapping sections identified from the 
first entries or (iii) non-overlapping sections identified from the first entries." 

The Office Action cites Bsaibes, at col. 5 line 65 - col. 9 line 9, as disclosing all the 
features of Claim 33, including "identifying first sub-entries in a first access control lisf . This 
multi-colunm passage cited by the Office Action is too long to recite in its entirety here. 
However, after a careful study of the cited passage by Applicant, nothing in that cited passage is 
found to have disclosed any subject matter resembling a positive step of identifying sub-entries 
in an access control list that comprises entries, wherein composition of sub-entries is as defined 
in Claim 33. 

Since the Office Action claims there is subject matter in the cited portion of Bsaibes 
which can be reasonably regarded as analogous to the identifying step of Claim 33, to advance 
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prosecution, it is respectfully requested that Examiner provide a reasonable clarification as to 
where such subject matter in Bsaibes that is analogous to identifying sub-entries in an access 
control list, wherein sub-entries are as defined in Claim 33. 

2. Bsaibes Fails to Disclose Programmatically Determining Equivalency of 
Access Control Lists in Claim 33. 

Claim 33 recites "programmatically determining whether the first access control list is 
functionally equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or more entries of 
multiple second access control entries in the second access control list." 

The Office Action cites the same, multi-column passage in Bsaibes as disclosing the 
above-recited features of Claim 33. The cited passage again is devoid of subject matter 
resembling programmatically determining whether the first access control list is functionally 
equivalent to a second access control list by determining whether each of the first sub-entries in 
the first access control list is equivalent to or contained by one or more entries of multiple second 
access control entries in the second access control list as featured in Claim 33. 

For the same reason set forth previously, it is respectfully requested that Examiner 
provide a reasonable clarification as to where such subject matter in Bsaibes that is analogous to 
programmatically determining whether the first access control list is functionally equivalent to a 
second access control list by determining whether each of the first sub-entries in the first access 
control list is equivalent to or contained by one or more entries of multiple second access control 
entries in the second access control list as featured in Claim 33. 

3. The Cited Portion of Bsaibes Fails to Anticipate Claim 33 

The cited passage in Bsaibes describes how an arbitrary set of access control lists may 
be altered by an action documented in TABLE 1 of the reference (see col. 7, lines 30-64). For 
example, an action may be a Modify_Delete (Id. at col. 8, line 49). A user "Tim" and a 
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permission "w" may be specified. When such an action is acted on node A, 700, in FIG. 6, 
Tim's peraiission entry in the access control list that is associated with node A is compared with 
the permission specified with the action (i.e., "Modify_Delete"). See Bsaibes, col. 8, lines 52-59. 
Tim's "w" permission in the entry in the access control list, if any, is deleted {Id.). This may be 
repeated for every access control list found at or under node A. See Bsaibes, col. 8, line 60-col. 
9, line 6. 

Clearly, Bsaibes'^ comparison for the purpose of carrying out this Modify_Delete action 
is between permissions specified in a command and permissions specified in an entry of an 
access control list. As such, it would not be analogous to determining equivalency between two 
access control lists. For example, Bsaibes fails to disclose any subject matter resembling 
determining whether any two access control lists under node A are equivalent. 

In Bsaibes, only a direct comparison between Tim's permissions in his entry in the access 
control list and a permission specified in the conmiand is needed. There is no disclosure in 
Bsaibes that Tim's existing permission entry in the access control list is to be identified into sub- 
entries, let alone to be identified into sub-entries, wherein the sub-entries comprise the types as 
featured in Claim 33. Since the permissions specified in the conmiand can be directly (and 
easily) compared with Tim's permissions in his entry in the access control list, Bsaibes neither 
needs nor discloses such an identifying step analogous to what is featured in Claim 33. 

For the reasons set forth, since Bsaibes fails to disclose at least one recited feature of 
Claim 33, Claim 33 is patentable over Bsaibes. 

Claims 36, 37 and 45 

Claims 36, 37 and 45 are independent claims that are similar in scope and include all 
features of method claim 33. Claims 36, 37 and 45 are patentable over Bsaibes for at least the 
same reasons as those given above in connection with claim 33. 

Claims 10, 11, 34-41 and 46-48 
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Claims 10, 11, 34-41 and 46-48 depend from, and hence, incorporate all of the features of 
claim 33, 36, 37 or 45 that are discussed above. These claims also recite further features that 
independently render them patentable over Bsaibes. However, because Bsaibes lacks the 
features discussed above for claims 33, 36, 37, or 45, claims 10, 11, 34-41 and 46-48 necessarily 
are patentable over Bsaibes for at least the reasons given above in connection with claim 33, 36, 
37 or 45. 

B. 35 U.S.C. 103(a) - BSAIBES and BRAWN 

Claims 14, 42 and 50 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Bsaibes as applied to claims 33, 37 and 45 and further in view of Brawn et al., U.S. Patent No. 
7,020,718 B2 (hereafter "Brawn"). The rejection is respectfully traversed. 

Clahns 14, 42 and 50 depend from, and hence, incorporate all of the features of claim 33, 
36, 37 or 45. Claims 14, 42 and 50 also recite further features that independently render them 
patentable over Bsaibes. Brawn fails to disclose any of the features of claim 33, 36, 37 or 45 
previously discussed and therefore Brown does not cure the deficiencies of Bsaibes that are 
described above, and any combination of Brown and Bsaibes necessarily cannot provide the 
complete subject matter of claims 14, 42, and 50. Claims 14, 42, and 50 are patentable over 
Bsaibes and Brawn for at least the reasons given above in connection with claim 33, 36, 37 or 
45. 

C. 35 U.S.C. 103(a) - BSAIBES and MATE 

Claims 15, 43 and 51 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Bsaibes as applied to claims 33, 37 and 45, and further in view of Mate et al., U.S. Patent No. 
7,028,098 B2 (hereinafter "Mate"). The rejection is respectfully traversed. 

Claims 15, 43 and 51 depend from and incoiporate all of the features of claim 33, 36, 37 
or 45. Claims 15, 43, and 51 also recite further features that render them patentable over 
Bsaibes. Mate fails to disclose any of the features of claim 33, 36, 37 or 45 previously discussed, 
and therefore Mate does not cure the deficiencies of Bsaibes that are described above, and any 
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combination of Mate and Bsaibes necessarily cannot provide the complete subject matter of 
claims 15, 43, and 51. Claims 15, 43, and 5 1 are patentable over Bsaibes and Mate for at least 
the reasons given above in connection with claim 33, 36, 37 or 45. 
D. 35 U.S.C. 103(a) - BSAIBES and BANGINWAR 

Claims 16, 44 and 52 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Bsaibes as applied to claims 33, 37 and 45, and further in view of Banginwar, U.S. Patent No. 
6,61 1,863 (hereafter "Banginwar"). The rejection is respectfully traversed. 

Claims 16, 44 and 52 depend from, and hence, incorporate all of the features of claim 33, 
36, 37 or 45. Claims 16, 44, and 52 also recite further features that render them patentable over 
Bsaibes. Banginwar fails to disclose any of the features of claim 33, 36, 37 or 45 previously 
discussed and therefore Banginwar does not cure the deficiencies of Bsaibes that are described 
above, and any combination of Banginwar and Bsaibes necessarily cannot provide the complete 
subject matter of claims 16, 44, and 52. Claims 16, 44, and 52 are patentable over Bsaibes and 
Banginwar for at least the reasons given above in connection with claim 33, 36, 37 or 45. 
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11. CONCLUSIONS 

For the reasons set forth above, it is respectfully submitted that all of the pending claims 
are now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is 
believed next in order, and that action is most earnestly solicited. 

If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to charge any applicable fees and to credit 
any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: October 8, 2007 /ZhichongGu#56543/ 
Zhichong Gu 
Reg. No. 56,543 

2055 Gateway Place, Suite 550 
San Jose, California 95 1 10-1089 
Telephone No.: (408) 414-1236 
Facsimile No.: (408) 414-1076 
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